In association with heise online

19 January 2012, 16:12

OpenSSL fixes DoS bug in recent bug fix

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

SSL icon The OpenSSL developers have released versions 1.0.0g and 0.9.8t to address a denial of service issue introduced by one of the six fixes included in the version they released earlier this month. The problem was created by the fix for a critical vulnerability in the CBC ("Cipher block chaining") encryption mode which enabled plaintext recovery of OpenSSL's implementation of DTLS (Datagram TLS).

Accordingly, the advisory notes that the DoS flaw only affects users using DTLS applications that use OpenSSL 1.0.0f and 0.9.8s. The developers credit Antonio Martin of Cisco Systems for discovering the bug and preparing the fix for it. Source code for the corrected versions is available to download.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit